Seamless SSO with MFA enabled

Hello Auth0 Community,

When I enabled seamless SSO without MFA, a user already logged in to domain A can be logged in to domain B seamlessly (this is the expected seamless user experience).

When I enabled seamless SSO along with MFA, a user already logged in to domain A is asked to do MFA when trying to log in to domain B programmatically (this is not the expected seamless user experience).

Any idea how I can configure Auth0 to ignore MFA (since the user is already logged in) in the 2nd use case? Thank you!

Hi @developerdw,

Welcome to the Auth0 Community!

It sounds like you have Require MFA set to Always. This setting will require MFA on all logins. If you want to implement some other custom MFA conditions, you will need to use an Action.

You can customize how your MFA is triggered with Customize MFA Selection in New Universal Login.

Hope this helps!


Thank you, Dan,

I actually tried 2 modes: a) MFA always enabled, b) MFA disabled with a rule - enable MFA=“gardian” if user.metadata.enable_mfa == true

I also tried to detect whether the user is already logged in by comparing the first-time and second-time JSON data, but didn’t find any field that can be used to tell whether the user is already logged in.

Do you happen to know any data field from the JSON I can use to differentiate the user session timeout (or user hasn’t logged in) case vs. the user session exists (or user already logged in) case?

Thanks a lot!

Best,
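
The session check asked about above, as an added example that is not part of the thread: in a post-login Action, `event.authentication.methods` lists the steps completed in the current session, so an `mfa` entry means the user has already passed MFA. The helper name `needsMfa`, the 12-hour freshness limit and the sample events are assumptions, and the Action only decides the outcome when the tenant's Require MFA setting is not Always.

```javascript
// Added example: Auth0 post-login Action (Node.js). Not code from the thread.
// Assumption: the tenant "Require MFA" policy is not "Always", so this Action decides.
const MAX_MFA_AGE_MS = 12 * 60 * 60 * 1000; // hypothetical policy: re-prompt after 12 h

// Returns true when the current session has no MFA step, or only a stale one.
function needsMfa(event, now = Date.now()) {
  const methods = (event.authentication && event.authentication.methods) || [];
  const mfa = methods.filter((m) => m.name === 'mfa');
  if (mfa.length === 0) return true; // fresh login, or session that never did MFA
  // timestamp may be an ISO string or epoch milliseconds; Date handles both
  const latest = Math.max(...mfa.map((m) => new Date(m.timestamp).getTime()));
  if (Number.isNaN(latest)) return true; // unparsable timestamp: fail closed
  return now - latest > MAX_MFA_AGE_MS;
}

const onExecutePostLogin = async (event, api) => {
  if (needsMfa(event)) {
    // 'any' lets the user pick among the factors enabled on the tenant
    api.multifactor.enable('any', { allowRememberBrowser: false });
  }
};
if (typeof exports !== 'undefined') exports.onExecutePostLogin = onExecutePostLogin;

// Constructed sample events (trimmed to the fields the check reads)
const NOW = Date.parse('2024-01-01T12:00:00Z');
const firstLogin = {
  authentication: { methods: [{ name: 'pwd', timestamp: '2024-01-01T11:59:00Z' }] },
};
const ssoSession = {
  authentication: {
    methods: [
      { name: 'pwd', timestamp: '2024-01-01T09:00:00Z' },
      { name: 'mfa', timestamp: '2024-01-01T09:01:00Z' },
    ],
  },
};
const staleSession = {
  authentication: { methods: [{ name: 'mfa', timestamp: '2023-12-31T09:01:00Z' }] },
};
```

Failing closed on a missing or unparsable `methods` entry keeps a malformed event from silently skipping the second factor.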